I received the task to authenticate a FAT client (App that runs on MacOS, not web) over Crowd, from within the internet. However I get authentication errors. I tried with POST /rest/usermanagement/1/session. By providing following in the body:
{ "username": "my_username", "password": "my_password"}
But I always get a authentication denied message.
When reading through SSO it seems like authentication is only supported through web security frameworks with session cookies?
Is it actually possible to just use the REST API to authenticate a user with username and password? I just need a response, with a success or error message. If yes, what REST url do I need to use, and what headers and body do I need to send?
Thanks,
Chris
Yes, of course it is possible to authenticate a user with a username and password from anything that is able to send HTTP requests to the Crowd server.
Unless you provide more details about the error you get, it's hard to say why authentication does not work in your case. You might have forgotten the validation factors or maybe you sent your request from an unauthorised IP address.
Here is a simple curl command to authenticate a user with Crowd's REST API:
curl -X POST -u "<application_name>:<application_password>" -H "Content-Type: application/json" -H "Accept: application/json" -d "{\"username\": \"<username>\", \"password\":\"<user_password>\", \"validation-factors\": { \"validationFactors\": [{\"name\": \"remote_address\", \"value\":\"<user_client_ip_address>\"}]}}" "http://<crowd.example.com>:8095/crowd/rest/usermanagement/1/session"
Anyway, the problem here is that what you want to do is very bad design from a security perspective. If you send the HTTP request to the Crowd server from the fat client, you will need to include the application name and application password in that request. That means that your fat client - which by nature is not secure - will have those credentials hardcoded somewhere in the code or in a configuration file.
You should instead create an application proxy with a REST endpoint requested by your fat client. That REST endpoint will be considered as an application from Crowd's perspective and will have the responsibility to request the Crowd server by sending its application name and application password.
Hope this helps.
Bruno
Thanks very much for your answer. I'm currently testing and will get back.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.